Improve the `wp_set_password()` PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file.

See #28316. git-svn-id: https://develop.svn.wordpress.org/trunk@29461 602fd350-edb4-49c9-b593-d223f7449a82
2014-08-10 02:38:52 +00:00 · 2014-08-10 02:38:52 +00:00 · 5aef1c5aa5
parent 39ba840e04
commit 5aef1c5aa5
1 changed files with 4 additions and 0 deletions
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@ -2052,6 +2052,10 @@ if ( !function_exists('wp_set_password') ) :
 * For integration with other applications, this function can be overwritten to
 * instead use the other package password checking algorithm.
 *
+ * Please note: This function should be used sparingly and is really only meant for single-time
+ * application. Leveraging this improperly in a plugin or theme could result in an endless loop
+ * of password resets if precautions are not taken to ensure it does execute on every page load.
+ *
 * @since 2.5.0
 *
 * @uses $wpdb WordPress database object for queries